org.apache.qpid:proton-j
Maven2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.qpid:proton-jpage 1 of 1
- CVE-2016-2166MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.12.12016-04-12
vulnerable: 0.10 ... 0.9.1 (11 versions)
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavai…
- CVE-2018-17187HIGHCVSS 7.4EG 7.4✓ Fixed in 0.30.02018-11-13
vulnerable: 0.10 ... 0.9.1 (35 versions)
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as…
Check whether org.apache.qpid:proton-j is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.qpid:proton-j CVEs against the assets you own.
Start Free Scan →